Category Archives for "Network World Security"

Quantum-embedded chips could secure IoT

Microprocessors that are unique to each Internet of Things (IoT) device are the way forward in the ongoing and tricky quest to secure the IoT, says Crypto Quantique. One idea is that by making each chip one of a kind and unclonable, an application would become almost impossible to hack. The U.K.-based startup says it has introduced “the world's most advanced security product for IoT devices.” The microprocessor-based solution uses quantum physics, combined with cryptography, all embedded in silicon, it explained in a press release last October.

Top 10 IoT vulnerabilities

Security questions have dogged the Internet of Things (IoT) since before the name was invented. Everyone from vendors to enterprise users to consumers is concerned that their fancy new IoT devices and systems could be compromised. The problem is actually worse than that, as vulnerable IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured networks. But what exactly are the biggest problems and vulnerabilities to avoid when building, deploying, or managing IoT systems? And, more to the point, what can we do to mitigate these issues?

First step to becoming a hacker: Linux!

If you're contemplating a career in cybersecurity and haven't come up to speed on Linux, now's the time to get ramped up and here's one easy way to do it. This new book from No Starch Press was written with people like you in mind. Authored by OccupyTheWeb, the force behind Hackers-Arise, Linux Basics for Hackers provides everything from basic Linux command line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process. Why Linux? Because Linux is open source, tool developers (and you) have a level of access that is unsurpassed. Linux is transparent and this means that you can learn to manipulate it in ways that are not possible with most OSes. In addition (and undoubtedly for the reason just mentioned), most cybersecurity tools are written to run on Linux.

First step to becoming a cybersecurity pro: Linux

If you're contemplating a career in cybersecurity and haven't come up to speed on Linux, now's the time to get ramped up and here's one easy way to do it. This new book from No Starch Press was written with people like you in mind. Authored by OccupyTheWeb, Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali provides everything from basic Linux command-line skills through to scripting, manipulating logging, network scanning, using and abusing system services, and remaining stealthy in the process. Why Linux is important to security: Because Linux is open source, tool developers (and you) have a level of access that is unsurpassed. Linux is transparent, and that means you can learn to manipulate it in ways that are not possible with most OSes. In addition (and undoubtedly for the reason just mentioned), most cybersecurity tools are written to run on Linux.

Oculeus anti-fraud offering protects against telecom system abuse

When most enterprise companies worry about having their systems hacked by attackers, the main concern is for the enterprise networks. Few companies consider that their phone systems may be vulnerable to hacking resulting in costly toll fraud. Nevertheless, the practice of hacking into corporate PBX systems and injecting fraudulent calls over the network is causing billions of dollars in damage worldwide every year. Enterprise companies use modern PBX (private branch exchange) systems to run their communications. A PBX switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines. Modern PBX systems work on the Session Initiation Protocol (SIP), which is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

How edge computing can help secure the IoT

Data created by Internet of Things (IoT) sensors must be secured better, say some. A simple password-on-device solution is no longer sufficient thanks to increasing data protection regulations, a new public awareness of tracking, and hugely proliferating devices. A new kind of architecture using Security Agents should be aggressively built into local routers and networks to handle IoT security and computation rather than offloading the number-crunching to a data center or the cloud, or indeed trying to perform it on the resource-limited IoT device, IEEE researchers say. In other words, IoT security should be handled at the network level rather than device for best results.

What does ASLR do for Linux?

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable and, thus, flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each OS. The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from the ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.

How ASLR protects Linux systems from buffer overflow attacks

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable, thus flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows, and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each one. The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from the ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.

ICANN housecleaning revokes old DNS security key

The Internet Corporation for Assigned Names and Numbers (ICANN) this week will do some important housecleaning from its successful, first-ever cryptographic key change performed last October. In October, ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017), but the process wasn’t complete because the old key, KSK-2010, remained in the zone. On Jan. 10, ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book — the Domain Name System (DNS) and overall Internet security.

ICANN housecleaning will revoke old DNS security key this week

The Internet Corporation for Assigned Names and Numbers will this week do some important housecleaning from its successful, first-ever cryptographic key change performed last October. In October ICANN rolled out a new, more secure root zone Key Signing Key -2017 (KSK-2017) but the process wasn’t complete as the old key, KSK-2010, remained in the zone. On January 10 ICANN will revoke the old key and remove it from the root zone. The KSK helps protect the internet’s address book – the Domain Name System (DNS) and overall Internet security.

Six IoT predictions for 2019

This time of year, it can seem like the world is swimming in predictions for the new year, and the Internet of Things (IoT) is no exception. In fact, in fast-evolving areas like IoT, multitudes of trends and opportunities and challenges are in play, making predictions ridiculously easy — just about anything can happen, and probably will. So, my goal here is to identify a set of IoT predictions that are both likely to happen … and likely to have a significant impact on the development and implementation of the technology.

Cisco patches a critical patch on its software-license manager

Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries. The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment. Released in November, the first version of the Prime License Manager patch caused its own “functional” problems that Cisco was then forced to fix. That patch, called ciscocm.CSCvk30822_v1.0.k3.cop.sgn, addressed the SQL vulnerability but caused backup, upgrade and restore problems, and should no longer be used, Cisco said.

What will be hot for Cisco in 2019?

Software, software, and more software. That seems to be the mantra for Cisco in 2019 as the company pushes software-defined WANs, cloud partnerships, improved application programs, and its over-arching drive to sell more subscription-based software licenses. As the year closed on Cisco’s first quarter 2019 financials, the company was indeed touting its software growth, saying subscriptions were 57 percent of total software revenue, up five points year over year, and its application software business was up 18 percent to $1.42 billion. The company also said its security business, which is mostly software, rose 11 percent year over year to $651 million.

DNS over HTTPS seeks to make internet use more private

Unauthorized interception of DNS traffic provides enough information to ascertain internet users’ thoughts, desires, hopes and dreams. Not only is there concern for privacy from nearby nosey neighbors, but governments and corporations could use that information to learn about individuals’ internet behavior and use it to profile them and their organization for political purposes or target them with ads. Efforts like the DNS Privacy Project aim to raise awareness of this issue and provide pointers to resources to help mitigate these threats.

Securing the IoT has become business-critical

The IoT era has arrived. Here's some proof: 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years. That's according to a recent DigiCert survey conducted by ReRez Research of 700 organizations in five countries to better understand the IoT and IoT security. Anecdotally, I always find that markets have matured when it’s no longer an unusual thing. For example, a few years ago, it was hard to find IoT deployments that were outside of the traditional machine-to-machine industries such as manufacturing and oil and gas. Today, connected things are everywhere. Case in point: I recently interviewed the IT director at an entertainment venue and he walked me through all the connected things without ever saying “IoT.” The organization was connecting more things to improve customer experience, and it was treated as no big deal.

The perils of using voice commands with IoT machines

Earlier this week, German carmaker Volkswagen announced an upgrade to its VW Car-Net mobile app that lets iPhone users control their Golfs and Jettas using Siri commands. Specifically, iPhone users on iOS 12 can say, “Hey, Siri” to lock and unlock the car, check estimated range remaining, flash the warning lights, and toot the horn. You can also add Shortcuts to Siri with personalized phrases to start/stop charging, defrosting, and climate controls; set the temperature; and even ask, “Where is my car?” Woo-hoo, pretty exciting right? Not in most cases, actually, but the announcement got me thinking about the limits and perils of voice commands in automotive applications.

Download Malwarebytes Today and Protect Your Data for Free

Everyone lives on the internet, period. Whether you’re streaming a standup special on Netflix, answering emails from your boss, chatting on Tinder, or completing everyday errands like paying bills online, you’re likely spending most of your day tangled up in the world wide web. Unfortunately, that makes you a high-risk candidate for a cyber attack at some point along the way, be it through malware, phishing, or hacking. Best-case scenario, it sucks up your time to fix (or your money by paying someone else to fix it). Worst case scenario, it puts you and your computer out of commission for days and damages your files beyond repair. Not to mention the sheer terror of knowing some hacker has complete and total access to virtually everything about you, including all of your banking and credit card information. Malwarebytes is a free program built to help you avoid the above scenarios altogether — and it makes traditional antivirus look old, tired, and played out (seriously it’s free, download it here).

GPUs are vulnerable to side-channel attacks

Computer scientists at the University of California at Riverside have found that GPUs are vulnerable to side-channel attacks, the same kinds of exploits that have impacted Intel and AMD CPUs. Two professors and two students, one a computer science doctoral student and a post-doctoral researcher, reverse-engineered an Nvidia GPU to demonstrate three attacks on both graphics and computational stacks, as well as across them. The researchers believe these are the first reported side-channel attacks on GPUs. A side-channel attack is one where the attacker uses how a technology operates, in this case a GPU, rather than a bug or flaw in the code. It takes advantage of how the processor is designed and exploits it in ways the designers hadn’t thought of.
